Vulnerability/
CVE-2008-3655

7.5

CWE

264

13/8/2008

7/8/2024

CVE-2008-3655

First published: Wed Aug 13 2008(Updated: )

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ruby-lang Ruby	=1.8.3-preview1
Ruby-lang Ruby	=1.8.2-preview4
Ruby-lang Ruby	=1.8.4-preview2
Ruby-lang Ruby	=1.8.1--9
Ruby-lang Ruby	=1.8.7-preview3
Ruby-lang Ruby	=1.8.7-p17
Ruby-lang Ruby	=1.9.0
Ruby-lang Ruby	=1.8.2-preview3
Ruby-lang Ruby	=1.8.6-p110
Ruby-lang Ruby	=1.8.6-p230
Ruby-lang Ruby	=1.8.5-p2
Ruby-lang Ruby	=1.8.5-preview5
Ruby-lang Ruby	=1.8.5-p12
Ruby-lang Ruby	=1.8.5-preview1
Ruby-lang Ruby	=1.8.7-p71
Ruby-lang Ruby	=1.8.4-preview1
Ruby-lang Ruby	=1.8.7-p22
Ruby-lang Ruby	=1.8.4
Ruby-lang Ruby	=1.8.6-p286
Ruby-lang Ruby	=1.8.3
Ruby-lang Ruby	<=1.8.5
Ruby-lang Ruby	=1.8.3-preview2
Ruby-lang Ruby	=1.8.2
Ruby-lang Ruby	=1.8.4-preview3
Ruby-lang Ruby	=1.8.7-preview2
Ruby-lang Ruby	=1.8.1
Ruby-lang Ruby	=1.8.2-preview2
Ruby-lang Ruby	=1.8.6-p36
Ruby-lang Ruby	=1.8.3-preview3
Ruby-lang Ruby	=1.8.6-preview1
Ruby-lang Ruby	=1.8.6-p114
Ruby-lang Ruby	=1.8.5-preview4
Ruby-lang Ruby	=1.8.5-preview2
Ruby-lang Ruby	=1.8.6-preview3
Ruby-lang Ruby	=1.8.0
Ruby-lang Ruby	=1.8.5-p11
Ruby-lang Ruby	=1.8.7
Ruby-lang Ruby	=1.8.6-p111
Ruby-lang Ruby	=1.6.8
Ruby-lang Ruby	=1.8.6-preview2
Ruby-lang Ruby	=1.8.5-p35
Ruby-lang Ruby	=1.8.5-p113
Ruby-lang Ruby	=1.8.5-p115
Ruby-lang Ruby	=1.8.7-preview1
Ruby-lang Ruby	=1.8.6
Ruby-lang Ruby	=1.8.7-preview4
Ruby-lang Ruby	=1.8.5-preview3

Remedy

http://www.debian.org/security/2008/dsa-1651

Remedy

http://www.securityfocus.com/bid/30644

Remedy

http://www.vupen.com/english/advisories/2009/1297

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Example email

Reference Links

collector/nvd-index
collector/nvd-historical
agent/weakness
agent/author
agent/references
agent/severity
agent/description
agent/type
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/ruby-lang
canonical/ruby-lang ruby
version/ruby-lang ruby/1.8.5
version/ruby-lang ruby/1.6.8
version/ruby-lang ruby/1.8.0
version/ruby-lang ruby/1.8.1
version/ruby-lang ruby/1.8.1--9
version/ruby-lang ruby/1.8.2
version/ruby-lang ruby/1.8.2-preview2
version/ruby-lang ruby/1.8.2-preview3
version/ruby-lang ruby/1.8.2-preview4
version/ruby-lang ruby/1.8.3
version/ruby-lang ruby/1.8.3-preview1
version/ruby-lang ruby/1.8.3-preview2
version/ruby-lang ruby/1.8.3-preview3
version/ruby-lang ruby/1.8.4
version/ruby-lang ruby/1.8.4-preview1
version/ruby-lang ruby/1.8.4-preview2
version/ruby-lang ruby/1.8.4-preview3
version/ruby-lang ruby/1.8.5-p11
version/ruby-lang ruby/1.8.5-p113
version/ruby-lang ruby/1.8.5-p115
version/ruby-lang ruby/1.8.5-p12
version/ruby-lang ruby/1.8.5-p2
version/ruby-lang ruby/1.8.5-p35
version/ruby-lang ruby/1.8.5-preview1
version/ruby-lang ruby/1.8.5-preview2
version/ruby-lang ruby/1.8.5-preview3
version/ruby-lang ruby/1.8.5-preview4
version/ruby-lang ruby/1.8.5-preview5
version/ruby-lang ruby/1.8.6
version/ruby-lang ruby/1.8.6-p110
version/ruby-lang ruby/1.8.6-p111
version/ruby-lang ruby/1.8.6-p114
version/ruby-lang ruby/1.8.6-p230
version/ruby-lang ruby/1.8.6-p286
version/ruby-lang ruby/1.8.6-p36
version/ruby-lang ruby/1.8.6-preview1
version/ruby-lang ruby/1.8.6-preview2
version/ruby-lang ruby/1.8.6-preview3
version/ruby-lang ruby/1.8.7
version/ruby-lang ruby/1.8.7-p17
version/ruby-lang ruby/1.8.7-p22
version/ruby-lang ruby/1.8.7-p71
version/ruby-lang ruby/1.8.7-preview1
version/ruby-lang ruby/1.8.7-preview2
version/ruby-lang ruby/1.8.7-preview3
version/ruby-lang ruby/1.8.7-preview4
version/ruby-lang ruby/1.9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203